How can we take the user's details from Active Directory in SharePoint 2010? I have one requirement, which has the functionality to send mail to all the users who are listed in a particular column in a SharePoint list. This column has the type Single line of text (displaying the display name of the user). I need to retrieve each user's information from AD by passing this display name without adding any LDAP connection string anywhere. Is it possible? If it is possible, please help me sort out this issue.
In my opinion the best way to achieve this is to use User Profile Synchronization. First you will need to configure user profile synchronization with AD. Then you can use the SharePoint API (UserProfileManager class of the server object model) to access user properties imported from AD.
I'm currently using a SharePoint account as a Service account to get files and share them in an application I'm working on using CSOM. I filter the files according to the logged-in user to check if the user has no access to the file, then I hide it, to prevent him from trying to access it and get "Permission Denied" error.
So, I used ListItem.GetUserEffectivePermissions for this issue, but I need to grant the user only the permissions he needs to access and make that check.
I checked the official documentation of ListItem.GetUserEffectivePermissions here but unfortunately, I found no direct clue which permission does the job.
So to recap, what this service account needs to do is:
1- Execute Search across all SharePoint files [SearchExecutor].
2- Get Login Name by Email using Utility.ResolvePrincipal (to be used in GetUserEffectivePermissions function).
3- Use GetUserEffectivePermissions to check if the logged-in User has permission to view the file.
I'd really appreciate your help as I'm kind of new to SharePoint and I searched a lot but found no clue about what I need.
I would recommend that you change your architectural approach. Instead of trying to manage what permissions a user has in SharePoint, let SharePoint take care of it like it already does. Instead, have your app use an OBO (On Behalf Of) token which will honor the logged on user's permissions in SharePoint and only return items that the user has access to. For a detailed overview of the OBO flow in MSAL, please refer to this article.
I created a website using HTML/CSS to display a SQL reports index. This has worked fine up till now because users needed access to a security group and something inside SQL to view the report and the data fields. We are now getting to the stage where there are too many reports and some have sensitive names so we need to limit access based on Active Directory security groups. Thing is that I have no clue at all how to manage access via AD Groups. I have managed to get basic AD authentication working for another project that I deployed for the company, but that didn't require access beyond Domain Users.
Could anyone please point me in the right direction to authenticate via AD, check a user for groups and then display info based on their access. The last bit should be really easy, the hardest part will be checking group info and then filling a variable that I can then use to create a loop that will display all the reports the user has access to.
I have found a partial answer. The below link is a guide on how to pull all AD groups a user belongs to and then checking to see if they are a member of a certain group. This is largely what I was looking for and if I can meld it into what I want, I think I can use this to do what I need.
http://www.c-sharpcorner.com/UploadFile/scottlysle/test-for-user-group-membership-in-Asp-Net-C-Sharp/
Alternatively, Microsoft Windows Server can also run LDAP, which has an unbelievable number of compatible libraries to code with.
Tutorial linked; it's just another server role/feature you can install (like AD itself):
http://osqa.sjsoft.com/questions/248/how-do-i-install-minimal-active-directoryldap-services-on-windows-server-2008
Also, here is a Q.A.D SO answer on querying user groups. Are you using a Windows framework like ASP? What's your server technology?
Query From LDAP for User Groups
I want to understand how best tables should be designed to map Active Directory (AD) user groups.
I am implementing an asp.net application in which users will log in and execute actions or view pages.
I want to add permissions i.e. user can add a record, user can delete other users from system, user can view a webpage into SQL Server database.
My aim is to create AD user groups and map permissions for the user groups in the database but, I want to understand how to use parent-child structure of AD in my database such that if we have a user group that has access to perform permissions such as add record and delete record and if another user group inherits this user group but restricts access to delete a record then we would want to not allow the child user group to delete a record but it should allow adding of the record.
How should this be mapped?
Thanks. Any help points are appreciated.
I would strongly suggest looking at a technology such as MS Authorization Manager (AzMan), which will provide this functionality for you. It can use a database to hold the security configuration, or XML, or Active Directory itself.
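The inheritance rule asked about in the question above (a child group inherits its parent's permissions but can restrict one of them), worked through as an added example. This is not AzMan and not code from the thread; the Group class, the permission names, and the deny-wins policy for users in several groups are assumptions.

```csharp
using System;
using System.Collections.Generic;

class Group
{
    public string Name;
    public Group Parent;   // null for a top-level group
    // Permission -> allow (true) / deny (false); rows of a hypothetical GroupPermission table.
    public Dictionary<string, bool> Rules = new Dictionary<string, bool>();
    public Group(string name, Group parent) { Name = name; Parent = parent; }
}

static class PermissionResolver
{
    // Nearest explicit rule on the chain group -> parent -> ... wins; null means no rule found.
    public static bool? Resolve(Group group, string permission)
    {
        var seen = new HashSet<Group>();   // stops on a cyclic parent chain
        for (Group g = group; g != null && seen.Add(g); g = g.Parent)
        {
            bool allow;
            if (g.Rules.TryGetValue(permission, out allow)) return allow;
        }
        return null;
    }

    // Assumed policy: any deny wins; nothing is allowed unless some group allows it.
    public static bool IsAllowed(IEnumerable<Group> userGroups, string permission)
    {
        bool allowed = false;
        foreach (Group g in userGroups)
        {
            bool? r = Resolve(g, permission);
            if (r == false) return false;
            if (r == true) allowed = true;
        }
        return allowed;
    }

    static void Main()
    {
        // Constructed groups for the scenario in the question.
        var editors = new Group("Editors", null);
        editors.Rules["AddRecord"] = true;
        editors.Rules["DeleteRecord"] = true;
        var juniors = new Group("JuniorEditors", editors);
        juniors.Rules["DeleteRecord"] = false;   // child restricts delete
        Console.WriteLine("{0} {1}", IsAllowed(new[] { juniors }, "AddRecord"),
                          IsAllowed(new[] { juniors }, "DeleteRecord"));
    }
}
```

Because a missing rule resolves to deny, a group that is created but never configured grants nothing, and a restriction placed on a child cannot be undone by a grant higher up its own chain.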
I've an InfoPath form that the filler needs to specify people. A workflow later assigns tasks to these people. What I'm looking for is a people picker like what SharePoint has for user fields, but that I can use in InfoPath. I've already designed a form to do this where the filler can put in a name or email and the form will list results from the site.allusers group.
The problem is, what if the person that needs to be added into the form has never accessed this particular site collection before. Their account isn't going to be listed in the AllUsers list.
Where in the object model can I search for a user that is able to authenticate with SharePoint?
Why not just use the OTB one in InfoPath and configure it to point to your SharePoint environment?
http://www.sharepointassist.com/2009/02/27/adding-a-contact-selectorpeople-picker-to-an-infopath-form/
If you're running MOSS with AD integration, then it should automatically retrieve everyone that's in your domain if AD synch is enabled.
I think that the problem here is that even if you do find a list of users, the workflows won't trigger any actions if the users don't exist in the User Information List.
If the users don't exist in the User Information List, then you won't be able to find them via the SharePoint object model because they don't exist in SharePoint. You will have to find them some other way.
So basically, it depends on how the authentication is configured on your SharePoint server:
If you are using FBA, then the users who can authenticate with SharePoint must exist in a SQL database somewhere. Membership.Provider will give you a hook on your FBA membership provider (whether it's a SqlMembershipProvider or something else). You can then use methods like
Membership.Provider.GetUser(username, false)
to see if a user exists. You can also loop through your users or find all the existing usernames which you could then display in your people picker.
If you are using Windows authentication, you will have to look in your AD to find the potential users. The DirectoryEntry object is what you'll need. I imagine that only users from a certain AD group can access SharePoint? If so, then isolate that group with the DirectoryEntry object, loop through the users and you will have your data source for the people picker.
As I said above though, either method will give you the possible users, but it won't make the workflow work if the users have not logged in. Workflows will only work properly with users that do exist in the User Information List.
When someone picks a user that doesn't exist in SharePoint, you will probably have to create it via code. A safe way to do this is with SPWeb.EnsureUser:
"Checks whether the specified login name belongs to a valid user of the Web site, and if the login name does not already exist, adds it to the Web site."
So really, to answer your question, nowhere. You need to look for them where they could be coming from.
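For the Windows authentication case described above, an added example (not code from the answer) of building the AD search for a picker so that typed text is escaped before it reaches the LDAP filter. The LDAP path, group DN and result cap are assumptions; Find needs a domain-joined host, while Main only prints the filter built from constructed input.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;
static class PeoplePickerSearch
{
    // RFC 4515 escaping, so typed text cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Direct members of one group whose display name starts with the typed text.
    public static string BuildFilter(string groupDn, string typed)
    {
        return "(&(objectCategory=person)(objectClass=user)(memberOf="
            + EscapeFilterValue(groupDn) + ")(displayName="
            + EscapeFilterValue(typed) + "*))";
    }

    // Returns sAMAccountName values for the picker's result list.
    public static List<string> Find(string ldapPath, string groupDn, string typed)
    {
        var logins = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, BuildFilter(groupDn, typed),
                                                    new[] { "sAMAccountName" }))
        {
            searcher.SizeLimit = 25;   // cap what one lookup can return
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    if (r.Properties["sAMAccountName"].Count > 0)
                        logins.Add((string)r.Properties["sAMAccountName"][0]);
        }
        return logins;
    }
    static void Main()
    {
        // Constructed input; the group DN is a placeholder, not from the page.
        Console.WriteLine(BuildFilter("CN=Portal Users,DC=example,DC=com", "Smith (Contr"));
    }
}
```

The memberOf clause matches direct members only, so users who reach the group through nesting or as their primary group will not appear in the results.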
We have a SharePoint site and we now want to only allow users that have registered and paid to have access to the site by yearly subscription.
We would like to automate the process of managing the subscriptions and creating the users as much as possible.
I understand we will not get a turnkey solution. However, does the SO Community have any ideas on how we could do this? We will be using forms authentication.
A bit more info would be welcome, but I'll give it a try.
I assume you are running with FormsBasedAuthentication? If so, you would need to write the logic that creates the user in the database. The existing ASP.NET Membership Provider should meet all your needs. After that, you would need to add the newly created user to the appropriate SharePoint groups (this can also be done using the SharePoint object model).
The first step though would be to create your "become a member" page and make that accessible anonymously. Add a webpart / control to that page that handles the payment and then, when successful, creates the ASP.NET Membership Provider user. It then adds that user to the appropriate sp groups. The easiest way to restrict access would be to create a subsite of the main welcome site (root of the site collection), which has its own rights and groups. Make the root site accessible for anyone, allow access to the subsite for paying users only.
The CodePlex project SharePoint 2007 List Membership Provider allows you to maintain your users in a SharePoint list